Authenticate with a Bearer authorization header

The Piiano Vault REST API uses either API keys or JWT access tokens generated by an external identity provider to authenticate and authorize requests. It accepts Bearer tokens in the HTTP Authorization header using the Bearer <api-key|jwt-token> scheme.

To enable evaluation and testing, Vault ships with a default API key of pvaultauth for the admin user. See Set the admin's API key for information on how to set a value for this key.

To obtain an API key for any other user, use the regenerate user API key REST API operation or CLI command.

To configure JWT authentication, see Configure JWT authentication.

See Manage users and policies to learn more about how Vault controls access to operations and data.

Tenant isolation header

The Piiano Vault REST API supports an optional enforcement header that provides tenant isolation by limiting each operation to the intended tenants.

The enforcement header is X-Tenant-Id and its value is a comma-separated list of tenant IDs. When an enforcement violation is detected, the entire request fails with status code 403.

For example, if the enforcement header is X-Tenant-Id: 1,2,3, then the operation will be executed only if the resources are owned by tenant 1, 2 or 3.
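The following is an added example, not Piiano's code: it builds the two request headers described on this page and models the enforcement rule so that a client can check which resource sets a given X-Tenant-Id value admits. The header names come from the page; the function names, the "all resources must be owned by a listed tenant" reading of the rule, and the client-side validation are this example's own assumptions.

```python
"""Added example (not Piiano Vault's code): build the Authorization and
X-Tenant-Id headers and model the tenant-enforcement rule this page states."""
from typing import Iterable, Optional, Sequence

# Header names as given on the page; everything else here is an assumption.
AUTH_HEADER = "Authorization"
TENANT_HEADER = "X-Tenant-Id"


def build_headers(credential: str, tenant_ids: Optional[Iterable] = None) -> dict:
    """Return headers for a Vault request.

    `credential` is either an API key (e.g. the evaluation default `pvaultauth`)
    or a JWT from the external identity provider; both are sent as
    `Bearer <credential>`. `tenant_ids`, when given, becomes the optional
    comma-separated X-Tenant-Id enforcement header.
    """
    headers = {AUTH_HEADER: f"Bearer {credential}"}
    if tenant_ids is not None:
        ids = [str(t).strip() for t in tenant_ids]
        # Client-side guard (assumed): never send an empty or blank-entry list.
        if not ids or any(i == "" for i in ids):
            raise ValueError("tenant id list must be non-empty with no blank entries")
        headers[TENANT_HEADER] = ",".join(ids)
    return headers


def parse_tenant_header(value: str) -> frozenset:
    """Parse 'X-Tenant-Id: 1,2,3' into {'1', '2', '3'} (spaces after commas ignored)."""
    return frozenset(p.strip() for p in value.split(",") if p.strip())


def enforce_tenant_isolation(header_value: Optional[str], resource_owners: Sequence[str]) -> int:
    """Model (not Vault's implementation) of the rule on this page: when the
    header is present, the request proceeds (200) only if every resource it
    touches is owned by one of the listed tenants; otherwise the whole request
    fails with 403. A missing header means no tenant enforcement is applied."""
    if header_value is None:
        return 200
    allowed = parse_tenant_header(header_value)
    return 200 if all(owner in allowed for owner in resource_owners) else 403
```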